Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 14:41:05 UTC

Unusual Outbound Traffic

Medium Resolved
ALR-00006 · 2026-05-25T00:58:06Z

Description

Unusual outbound traffic pattern from SRV-BACKUP-01 to an external IP in Eastern Europe: 450 MB transferred over a non-standard port. Flagged by SOC365 Engine.
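The rule the description implies (internal host, external destination, large volume, non-standard port) can be written as a small flow-aggregation detector. The block below is an added example, not SOC365 Engine code; the flow records are constructed, the internal address of SRV-BACKUP-01 (10.0.251.185, taken from the endpoint block), the destination port 4443, the "standard" port set and the 400 MiB threshold are all assumptions, since the page only says "450MB" and "non-standard port".

```python
import ipaddress
from collections import defaultdict

# Constructed sample NetFlow-style records, NOT output of the SOC365 Engine:
# (src_ip, dst_ip, dst_port, bytes_out). The first three rows model this page's
# alert: SRV-BACKUP-01 (assumed to be 10.0.251.185) pushing 450 MB in total to
# the external address 185.212.220.48. Port 4443 is an assumption.
SAMPLE_FLOWS = [
    ("10.0.251.185", "185.212.220.48", 4443, 150_000_000),
    ("10.0.251.185", "185.212.220.48", 4443, 150_000_000),
    ("10.0.251.185", "185.212.220.48", 4443, 150_000_000),
    ("10.0.251.185", "10.0.250.10",    445,  900_000_000),  # internal copy job: not outbound
    ("10.0.251.20",  "93.184.216.34",  443,  600_000_000),  # large, but a standard port
    ("10.0.251.20",  "93.184.216.34",  8443, 2_000_000),    # non-standard port, tiny volume
]

# Tuning values are assumptions: ports ordinary servers legitimately talk to,
# and the per-(src, dst, port) byte count above which a transfer is "unusual".
STANDARD_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}
VOLUME_THRESHOLD = 400 * 1024 * 1024  # 400 MiB


def is_external(ip: str) -> bool:
    """True for globally routable addresses; RFC 1918, loopback and link-local count as internal."""
    return ipaddress.ip_address(ip).is_global


def detect_unusual_outbound(flows, threshold=VOLUME_THRESHOLD, standard_ports=STANDARD_PORTS):
    """Aggregate bytes per (internal src, external dst, port) and flag large
    transfers to non-standard ports. Returns a list of alert dicts."""
    totals = defaultdict(int)
    for src, dst, port, nbytes in flows:
        # Only internal -> external traffic is "outbound" for this rule.
        if is_external(dst) and not is_external(src):
            totals[(src, dst, port)] += nbytes

    alerts = []
    for (src, dst, port), total in totals.items():
        if total >= threshold and port not in standard_ports:
            alerts.append({
                "src": src,
                "dst": dst,
                "port": port,
                "bytes": total,
                "tactic": "Exfiltration",
                "technique": "T1041",  # Exfiltration Over C2 Channel
            })
    return alerts


if __name__ == "__main__":
    for a in detect_unusual_outbound(SAMPLE_FLOWS):
        print(f"{a['src']} -> {a['dst']}:{a['port']} {a['bytes'] / 1e6:.0f} MB ({a['technique']})")
```

Note what this rule deliberately does not catch: the 600 MB session to a standard port (443) is ignored, so an attacker who exfiltrates over HTTPS is invisible to it. Catching that needs a per-host volume baseline rather than a port list; the rule above models only the criterion the page states.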

Alert Metadata

Alert ID
ALR-00006
Timestamp
2026-05-25T00:58:06Z
Severity
Medium
Status
Resolved
Detection Source
SOC365 Engine
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
c.williams
Source IP
10.0.251.185
Destination IP
185.212.220.48
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041 (Exfiltration Over C2 Channel)
Reference
https://attack.mitre.org/techniques/T1041/

Investigation Timeline

00:58:06 Event ingested by SOC365 Engine
00:58:10 EmilyAI triage started — correlation enrichment
00:58:19 EmilyAI confidence: 90% — escalated to human analyst
00:58:49 Alert assigned to analyst: Anika Patel
01:00:24 Investigation started — querying SIEM and threat intelligence
01:06:02 Containment action taken — endpoint isolated
01:16:39 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                           Severity       Status         Host
ALR-00205   4h ago   Privilege Escalation Attempt    Informational  Investigating  SRV-BACKUP-01
ALR-00054   10h ago  C2 Beacon Activity              Low            Escalated      SRV-BACKUP-01
ALR-00330   11h ago  Unusual Outbound Traffic        Low            Open           SRV-SQL-01
ALR-00080   13h ago  C2 Beacon Activity              Low            Investigating  SRV-BACKUP-01
ALR-00309   14h ago  Unusual Outbound Traffic        Medium         Resolved       FW-EDGE-01
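Three of the related alerts sit on the same host as this one, and none of them is resolved. Before accepting a "Resolved" status on an exfiltration alert, an analyst would check whether the host still has open alerts and whether anything fired after the "remediation complete" timestamp. The block below is an added example (not SOC365 or EmilyAI logic) that performs that check over the related-alert rows transcribed from this page; the dashboard clock shows 14:41:05 UTC with no date, so the example assumes the alert's own day, and the alert-name-to-tactic map is an assumption.

```python
from datetime import datetime, timedelta, timezone

# The related alerts as listed on this page: (id, age, name, severity, status, host).
RELATED_ALERTS = [
    ("ALR-00205", "4h ago",  "Privilege Escalation Attempt", "Informational", "Investigating", "SRV-BACKUP-01"),
    ("ALR-00054", "10h ago", "C2 Beacon Activity",           "Low",           "Escalated",     "SRV-BACKUP-01"),
    ("ALR-00330", "11h ago", "Unusual Outbound Traffic",     "Low",           "Open",          "SRV-SQL-01"),
    ("ALR-00080", "13h ago", "C2 Beacon Activity",           "Low",           "Investigating", "SRV-BACKUP-01"),
    ("ALR-00309", "14h ago", "Unusual Outbound Traffic",     "Medium",        "Resolved",      "FW-EDGE-01"),
]

# Assumption: the dashboard's 14:41:05 UTC clock is on the alert's own day (2026-05-25).
DASHBOARD_NOW = datetime(2026, 5, 25, 14, 41, 5, tzinfo=timezone.utc)
RESOLVED_AT = datetime(2026, 5, 25, 1, 16, 39, tzinfo=timezone.utc)  # "Alert resolved" in the timeline
ALERT_HOST = "SRV-BACKUP-01"

# Assumed mapping from the dashboard's alert names to ATT&CK tactics.
TACTIC_OF = {
    "C2 Beacon Activity": "Command and Control",
    "Privilege Escalation Attempt": "Privilege Escalation",
    "Unusual Outbound Traffic": "Exfiltration",
}


def parse_age(age: str, now: datetime) -> datetime:
    """Turn a dashboard relative age such as '4h ago' into an absolute UTC timestamp."""
    token = age.split()[0]  # "4h"
    units = {"m": "minutes", "h": "hours", "d": "days"}
    return now - timedelta(**{units[token[-1]]: int(token[:-1])})


def review_resolution(related, host, resolved_at, now):
    """Return {alert_id: [reasons]} for related alerts on `host` that undermine a
    'Resolved' status: alerts still open, or alerts raised after remediation."""
    findings = {}
    for alert_id, age, name, _severity, status, alert_host in related:
        if alert_host != host:
            continue
        reasons = []
        if status != "Resolved":
            reasons.append(f"{name} still {status}")
        if parse_age(age, now) > resolved_at:
            reasons.append(f"{name} seen after remediation at {resolved_at:%H:%M:%S}Z")
        if reasons:
            findings[alert_id] = reasons
    return findings


def tactics_on_host(related, host):
    """Set of ATT&CK tactics already observed on `host` in the related alerts."""
    return {TACTIC_OF[name] for _, _, name, _, _, h in related if h == host}


if __name__ == "__main__":
    findings = review_resolution(RELATED_ALERTS, ALERT_HOST, RESOLVED_AT, DASHBOARD_NOW)
    for alert_id, reasons in findings.items():
        print(alert_id, "->", "; ".join(reasons))
    chain = tactics_on_host(RELATED_ALERTS, ALERT_HOST) | {"Exfiltration"}
    print("reopen" if findings else "keep resolved", "| tactics on host:", sorted(chain))
```

Under the stated date assumption, the C2 beacon alert ALR-00080 lands at 01:41:05 UTC, roughly 25 minutes after the endpoint was isolated and the alert closed, and the privilege-escalation attempt follows nine hours later; with Command and Control, Privilege Escalation and Exfiltration all observed on one host, the case should be reopened as a single incident rather than left as five separate alerts.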